How to Defend Citizen Data in the Smart City Age

Juliet is the senior web editor for StateTech and HealthTech magazines. In her six years as a journalist she has covered everything from aerospace to indie music reviews — but she is unfailingly partial to covering technology.

States rely on data from connected technologies to streamline operations for local governments and improve city services for residents. But as governments begin to collect data through everything from smart utility meters to agency websites and street surveillance cameras, data privacy is becoming a major concern.

In fact, 79 percent of U.S. citizens are uneasy about the privacy and security of their personal digital data, according to an Accenture survey released in April. Moreover, 74 percent said they lacked confidence in the government’s ability to keep their data safe and 63 percent reported that they would feel more confident if government agencies and service providers had stronger data privacy and security policies in place.

So, what’s keeping states and local governments from ensuring citizens that data privacy is being taken seriously?

The Data Privacy Puzzle in the Public Sphere

Part of the issue could be that, for local governments, keeping data safe is a much newer endeavor than it is for other industries.

“The current state of data privacy in local government is still fairly immature compared to other sectors or commercial sectors where you have had privacy regulations, standards and discussions for many years,” says Kelsey Finch, policy council for the Future of Privacy Forum (FPF), a nonprofit group that provides education and resources around data privacy.

Still, many governments “don’t exactly have that base of knowledge and infrastructure of training to fall back on yet,” says Finch. “Many are doing their best to build it, but it’s still early days.”

As smart cities seek to connect different types of data from disparate sectors, such as health, advertising and safety, governments often have a lot more data to grapple with than other industries. And they don’t always have the opportunity to provide citizens with the choice to keep it private.

“One of the toughest issues is trying to find a balance of transparency for the government and privacy for citizens, particularly with the wave of open data efforts and sunshine laws that have increased activity around public information requests,” says Finch. She notes that while many of these open data initiatives are well-intentioned and seek to enable citizens to engage with data and be more involved with governance, that often comes at a cost to privacy.

Lastly, Finch notes that the issue of notifying citizens about data collection and providing them with the choice to allow isn’t as clear with state and local governments as it is with many other industries.

“You can’t put a notice on every single light post that adequately describes all of the risk factors that might be there. If you did, people would be overwhelmed,” says Finch.

And with sensors and cameras taking over streets, offering passersby the choice to participate isn’t always feasible.

“Folks can’t opt out of [closed-circuit television] cameras in public spaces,” says Finch. “So, we need to have conversations about when those types of applications are appropriate.”

3 Tips to Launch a Local Privacy Culture

As many state and local governments begin their journey to better address privacy concerns and build policy around it, where can they start?

Finch lays out three key points governments can look to address:

Engage the Community — Privacy expectations are different for each community. Finch advises setting up forums to speak with your community beyond just the technical measures of data collection and to weigh the pros and cons of data collection. “Civic engagement is the bedrock of privacy,” says Finch. “It’s about empowering your public to have a voice in how and when their data is being used.”

Create Accountability — While much of the focus in recent years has been on cybersecurity, agencies can’t achieve true security until privacy is taken into account. For this reason, just as governments have started employing chief security officers, they should also begin hiring chief privacy officers. “We’ve seen municipalities taking on chief privacy officers and building up privacy programs within their IT departments,” says Finch, pointing to West Virginia and Washington, which both employ CPOs. “It’s starting to become more formalized and structured, and that’s certainly where it needs to start, but we do need to see more cities and local governments employing a top-down approach to privacy so departments can better understand why privacy is important and eventually employ privacy training for employees at every level.”

Make Vendors Privacy Allies — Many local government services are outsourced, which can create a question of who is in charge of ensuring citizen privacy. But it can also provide the perfect opportunity for governments to require privacy from vendors and create a culture around it.

“There’s a huge opportunity for governments to be market makers and do policy by procurement, by having high standards for privacy and security in the contracts they are forming,” says Finch.

Above all, as communities take their first steps toward data privacy, Finch says it’s important that they act thoughtfully.

“Be really respectful of local needs, interest and community input,” says Finch. “What’s appropriate for one agency, city or state may not be appropriate for another, and if you don’t take local needs into account or have an opportunity to speak to a community, get their buy-in and build their trust, then you won’t be respecting individual privacy and civil liberties.”